Reporting modules

Each reconnaissance module that you run stores its output in a separate table. You can export these tables in several formats, such as CSV, HTML, and XML files. To view the different tables that the Recon-ng tool uses, enter show and press Tab twice; the autocomplete feature then lists the available options.

To export a table into a CSV file, load the CSV reporting module by entering use reporting/csv. (The load command can be used instead of use; the two behave the same.) After loading the module, set the filename and the table to be exported and enter run.

Here are some additional reconnaissance modules in Recon-ng that can be of great help to a penetration tester:

  • Netcraft hostname enumerator: Recon-ng will harvest the Netcraft website and accumulate all of the hosts related to the target and store them in the hosts table.
  • SSL SAN lookup: Many SSL-enabled websites have a single certificate that works across multiple domains using the Subject Alternative Names (SAN) feature. This module uses the http://ssltools.com/ website to retrieve the domains listed in the SAN attribute of the certificate.
  • LinkedIn authenticated contact enumerator: This will retrieve the contacts from a LinkedIn profile and store them in the contacts table.
  • IPInfoDB GeoIP: This will display the geolocation of a host using the IPInfoDB database (requires an API key).
  • Yahoo! hostname enumerator: This uses the Yahoo! search engine to locate hosts in the domains. Having modules for multiple search engines at your disposal can help you locate hosts and subdomains that may not have been indexed by other search engines.
  • Geocoder and reverse geocoder: These modules use the Google Maps API to obtain the address for a given set of coordinates, and to retrieve the coordinates if an address is given. The information then gets stored in the locations table.
  • Pushpin modules: Using the Recon-ng pushpin modules, you can pull data from popular social-networking websites, correlate it with geolocation coordinates, and create maps. Two widely used modules are as follows:
    • Twitter geolocation search: This searches Twitter for media (images and tweets) uploaded from a specific radius of the given coordinates
    • Flickr geolocation search: This tries to locate photos uploaded from the area around the given coordinates

These pushpin modules can be used to map people to physical locations and to determine who was at the given coordinates at a specific time. The accumulated information is converted to an HTML file and can be mapped onto a satellite image at the exact coordinates. Using Recon-ng, you can create a huge database of hosts, IP addresses, physical locations, and people, all using only publicly available resources.

Reconnaissance should always be done with the goal of extracting information from various public resources and identifying sensitive data that an attacker could use to target the organization directly or indirectly.
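One way to act on a CSV export of the hosts table is to compare it with the organization's own asset inventory, so that publicly visible hosts nobody is tracking stand out. The following is an added example, not code from the book or from Recon-ng; the column order (host, IP address, source module), the sample rows, and the inventory are constructed assumptions.

```python
import csv
from collections import defaultdict

# Constructed sample of an exported hosts table. Assumed column order:
# host, ip_address, module (adjust the indexes for a real export).
SAMPLE_EXPORT = '''"www.example.com","203.0.113.10","netcraft"
"mail.example.com","203.0.113.25","netcraft"
"WWW.example.com","203.0.113.10","ssl_san"
"dev-old.example.com","203.0.113.25","yahoo_site"
"vpn.example.com","","ssl_san"
'''

# Constructed asset inventory: hosts the organization knows it exposes.
KNOWN_HOSTS = {"www.example.com", "mail.example.com", "vpn.example.com"}


def load_hosts(csv_text, host_col=0, ip_col=1, module_col=2):
    """Merge duplicate rows into {host: {"ips": set, "modules": set}}."""
    hosts = defaultdict(lambda: {"ips": set(), "modules": set()})
    for row in csv.reader(csv_text.splitlines()):
        if len(row) <= max(host_col, ip_col, module_col):
            continue  # skip short or malformed rows
        host = row[host_col].strip().lower().rstrip(".")
        if not host:
            continue
        if row[ip_col].strip():
            hosts[host]["ips"].add(row[ip_col].strip())
        hosts[host]["modules"].add(row[module_col].strip())
    return dict(hosts)


def unknown_hosts(hosts, inventory):
    """Hosts visible in public sources but missing from the inventory."""
    known = {h.lower() for h in inventory}
    return sorted(h for h in hosts if h not in known)


def shared_ips(hosts):
    """IP addresses that serve more than one discovered hostname."""
    by_ip = defaultdict(set)
    for host, info in hosts.items():
        for ip in info["ips"]:
            by_ip[ip].add(host)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}


if __name__ == "__main__":
    table = load_hosts(SAMPLE_EXPORT)
    print(unknown_hosts(table, KNOWN_HOSTS), shared_ips(table))
```

Hosts reported by `unknown_hosts` are candidates for decommissioning or for adding to the inventory and its patching and monitoring scope.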
